“The NSA and other elite intelligence agencies devote millions of dollars to hunt for common software flaws that are critical to stealing data from secure computers. Open-source protocols like OpenSSL, where the flaw was found, are primary targets. The Heartbleed flaw, introduced in early 2012 in a minor adjustment to the OpenSSL protocol, highlights one of the failings of open source software development. While many Internet companies rely on the free code, its integrity depends on a small number of underfunded researchers who devote their energies to the projects. In contrast, the NSA has more than 1,000 experts devoted to ferreting out such flaws using sophisticated analysis techniques, many of them classified. The agency found Heartbleed shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency’s toolkit for stealing account passwords and other common tasks.”

NSA Exploits Heartbleed

Heartbleed graphic courtesy of Leena

Thanks to Bloomberg

via NSA Said to Exploit Heartbleed Bug for Intelligence for Years – Bloomberg.
